#1
Unauthorized senderless email created by or logged under AVG 7.0 FREE
Email account hijacked.

Cyrus SASL 2.1.13 appears to be the embedded email client for AVG 7.0 Free in the email scanning section. It is either creating or disclosing the creation and sending of authorless (that is, a blank FROM field, not the complete header which includes a "from") emails within itself. Does anyone know anything about this? Is it a security hole within the product or is the product itself doing it?

The logs are usually named "emc" or 'emc-##' and on my machine are under WINDOWS/Application Data/AVG7/Log/. The ultimate symptom result is returned to sender email notices in the case of non-existent addresses; however, they are not all non-existent, and I do not knowingly converse with people at "phreaknet.net" -- which is one domain I have noticed.

SASL stands for "Simple Authentication Security Layer" and there appears to be a patch of some kind available, but the redhat (?) CYRUS product also appears embedded, which would probably stymie direct patching. I have not taken this to the AVG forum for obvious reasons.

(Please -- if your answer is "so, don't run it" or something of a similar ilk, hold off. I know that answer as well as "so, turn off email scanning" -- which may simply obscure the problem if it is not the Grisoft product doing it. In other words, I am looking for something other than a broadaxe approach here.)

FACE
#2
Perhaps AVG has been compromised. Run a complete virus scan using something other than AVG.

--
Jeff Richards
MS MVP (Windows - Shell/User)

"FACE" wrote in message ...
> Email account hijacked.
>
> Cyrus SASL 2.1.13 appears to be the embedded email client for AVG 7.0 Free in the email scanning section. It is either creating or disclosing the creation and sending of authorless (that is, a blank FROM field, not the complete header which includes a "from") emails within itself. Does anyone know anything about this? Is it a security hole within the product or is the product itself doing it?
>
> The logs are usually named "emc" or 'emc-##' and on my machine are under WINDOWS/Application Data/AVG7/Log/. The ultimate symptom result is returned to sender email notices in the case of non-existent addresses; however, they are not all non-existent, and I do not knowingly converse with people at "phreaknet.net" -- which is one domain I have noticed.
>
> SASL stands for "Simple Authentication Security Layer" and there appears to be a patch of some kind available, but the redhat (?) CYRUS product also appears embedded, which would probably stymie direct patching. I have not taken this to the AVG forum for obvious reasons.
>
> (Please -- if your answer is "so, don't run it" or something of a similar ilk, hold off. I know that answer as well as "so, turn off email scanning" -- which may simply obscure the problem if it is not the Grisoft product doing it. In other words, I am looking for something other than a broadaxe approach here.)
>
> FACE
#4
Thank you, Jeff. I think I will use TrendMicro unless you have another suggestion. Yes, it may not be the Grisoft product but some McNasty riding the lines and exploiting the email client in AVG.

FACE

On Mon, 29 Nov 2004 11:47:22 +1100, "Jeff Richards" in microsoft.public.win98.performance wrote:
> Perhaps AVG has been compromised. Run a complete virus scan using something other than AVG.
#6
I just ran TrendMicro Housecall. No viruses found.

I also walked the entire tree for sub-directories starting with "C", looking for "Cyrus". No go there. I also looked under all Grisoft/AVG trees for something obvious. Nothing. There was an interesting .cfg file for the email scanner though -- FWIW, it appears to use port 10110 to send email.

FACE

On Mon, 29 Nov 2004 11:47:22 +1100, "Jeff Richards" in microsoft.public.win98.performance wrote:
> Perhaps AVG has been compromised. Run a complete virus scan using something other than AVG.